60 matches found
EUVD-2024-39450
Malicious code in bioql PyPI...
EUVD-2023-58222
Malicious code in bioql PyPI...
OESA-2025-2112 aide security update
Security Fixes: A vulnerability was found in AIDE up to 0.19.1 and classified as problematic. Using CWE to declare the problem leads to CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs. Impacted is integrity. Upgrading to version 0.19.2 eliminates th...
GHSA-8G98-M4J9-QWW5 Taylored webhook validation vulnerabilities
Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5. Summary: A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this...
CVE-2024-42187
BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks...
CVE-2024-42186 HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation...
CVE-2024-42185 HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access...
CVE-2024-42184 HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme...
CVE-2024-42184
CVE-2024-42184 affects the BigFix Patch Download Plug-ins. The vulnerability arises from insecure support for the file:// URI scheme in the plug-ins, which could allow a user with local access to attempt to download files via file:// links. The available connected sources confirm the affected pro...
CVE-2024-42183 HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls...
CVE-2024-42182 HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost...
PT-2025-2634 · Ibm · Bigfix Patch Download Plug-Ins
Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue concerns a path traversal vulnerability. This could allow operators to download files from a local repository that is vulnerable to path traversal attacks...
PT-2025-2633 · Ibm · Bigfix Patch Download Plug-Ins
Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue is related to an insecure protocol support in BigFix Patch Download Plug-ins, which can lead to improper handling of SSL certificates validation. This may...
PT-2025-2632 · Ibm · Bigfix Patch Download Plug-Ins
Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue is related to an insecure package in BigFix Patch Download Plug-ins that is susceptible to XML injection attacks. This allows an attacker to inject maliciou...
cve_tracking
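cvetracking Introduction: A tool for automatically retrieving CVE patches. Given a CVE and an RPM package, the tool automatically searches the upstream community for patches and reports the results; it can also download the patches it finds and verify that they are usable. Software architecture: Python executable code. Installation guide: 1. Download the code: shell git clone https://gitee.com/openeuler/cve-manager.git 2. Enter the tool's execution directory: shell cd xxx<directory where the code above was downloaded>/cve-manager/cve-agency-manager/cvetracking 3. Under authentication in cve-tracking.yaml...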
LastPass Patches Ormandy Remote Compromise Flaw
LastPass has patched a vulnerability in its Firefox add-on found by Google Project Zero researcher Tavis Ormandy that allows attackers complete remote compromise of the password manager. The divisive Ormandy submitted a bug report on Tuesday to LastPass after a series of tweets hinting at serio...
HTTP.sys remote code execution vulnerability repair method - vulnerability warning - the black bar safety net
Vulnerability description: If an attacker sends a specially crafted HTTP request to an affected Windows system, this vulnerability allows remote code execution. Testing by security personnel shows the harm is serious; please repair it as soon as possible. This security update fixes the vulnerability in...